Re: SSL + PGP

mgraffam@idsi.net
Wed, 28 Apr 1999 14:35:53 -0400 (EDT)

• Next message: Ge' Weijers: "Re: Questions regarding using ciphers as stream ciphers"
• Previous message: bram: "RE: Security awareness (Re: Questions regarding using ciphers as stream ciphers)"
• In reply to: Salz, Rich: "RE: Security awareness (Re: Questions regarding using ciphers as stream ciphers)"
• Next in thread: Ian Grigg: "Re: SSL + PGP"

On Wed, 28 Apr 1999, Michael Bauer wrote:

> Assuming their own web-server is secure,

Thats a really huge assumption. This will likely be the weakest link in
your system.

> what do you guys think about the following scenario?:
>
> 1. Member enters credit-card #, etc. in SSL-protected web form.
>
> 2. Form data is processed by PERL script that uses PGP (or is there a
> PERL module that can do this?) to encrypt form data with accountant's
> public key, mails encrypted data to accountant.

Sounds like it could be made to work.. but if the end destination is
the accountant, why not let the user talk to him directly? Write some
Java to process the credit card number on the user's computer and
encrypt it with the account's PK and email it to him -- this way, the
possibility of weak 40-bit SSL never appears, and the web-server end
can be pretty much read only (never has to store credit card numbers
or anything).

That is, the Java program, PK and all the other goodies may be able
to be stored on a physically read-only medium so that if an attacker does
crack the web server, he can't actually change the Java applet or the
PK.

A good way to do this would be to chroot httpd to have its root as, say,
a CD -- this way, if an attacker does attack the web server (which should
probably only have httpd running) he'll get the web user account, which
is isolated to a physically read-only medium. If you are running other
junk and an attacker gets root, you're hosed, of course.. read-only
media doesn't help you there.. he'll just copy the CD to the HD, change
the Java applet to email HIM the cc numbers, and re-run httpd -- but
you can't stop root anyhow, so.. its kinda pointless to worry about it..

It's like worry about stopping the winning TD when the opposing team is
already in the locker room taking showers and doing their victory dances..

The above assumes that you are running some sort of UNIX -- hopefully NOT
as huge assumption :) -- if your running NT, well.. I have a feeling
that you're hosed -- but I dunno, I have made it a point to stay the hell
away from it.

Michael J. Graffam (mgraffam@idsi.net)
They (who) seek to establish systems of government based on the
regimentation of all human beings by a handful of individual rulers..
call this a new order. It is not new, and it is not order."
                                - Franklin Delano Roosevelt

• Next message: Ge' Weijers: "Re: Questions regarding using ciphers as stream ciphers"
• Previous message: bram: "RE: Security awareness (Re: Questions regarding using ciphers as stream ciphers)"
• In reply to: Salz, Rich: "RE: Security awareness (Re: Questions regarding using ciphers as stream ciphers)"
• Next in thread: Ian Grigg: "Re: SSL + PGP"